FISA

The Australian government has introduced the country’s first standalone cybersecurity law to Parliament.The new legislation aims to better protect citizens and organizations against a heightened geopolitical and cyber threat environment. The Cyber Security Bill 2024 covers a range of areas, including mandating minimum cybersecurity standards for IoT devices and mandatory ransomware reporting for critical infrastructure organizations. Additionally, the legislation will establish a Cyber Incident Review Board to conduct post-incident reviews into significant cybersecurity incidents and a ‘limited use’ obligation that restricts how incident information provided to the National Cyber Security Coordinator can be used and shared with other government agencies. The package will also progress and implement reforms under Australia’s Security of Critical Infrastructure (SOCI) Act 2018. This includes provisions to simplify information sharing across industry and government and enhancing governmen...

  Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson told BleepingComputer. "We have launched an investigation to assess this claim, and our investigation is ongoing." This statement comes after a well-known threat actor named "IntelBroker" said that he and two others called "EnergyWeaponUser and "zjj" breached Cisco on October 6, 2024, and stole a large amount of developer data from the company. "Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private &...

  Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware. Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States. Storm-0501 attack flow The attacker gains access to cloud environments by exploiting weak credentials and taking advantage of privileged accounts, with the goal of stealing data and executing a ransomware payload. Microsoft explains that the Storm-0501 obtains initial access to the network with stolen or purchased credentials, or by exploiting...